Understanding the security risks of docker hub

Peiyu Liu; Shouling Ji; Lirong Fu; Kangjie Lu; Xuhong Zhang; Wei Han Lee; Tao Lu; Wenzhi Chen; Raheem Beyah

doi:10.1007/978-3-030-58951-6_13

Understanding the security risks of docker hub

Peiyu Liu, Shouling Ji, Lirong Fu, Kangjie Lu, Xuhong Zhang, Wei Han Lee, Tao Lu, Wenzhi Chen, Raheem Beyah

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

17 Scopus citations

Abstract

Docker has become increasingly popular because it provides efficient containers that are directly run by the host kernel. Docker Hub is one of the most popular Docker image repositories. Millions of images have been downloaded from Docker Hub billions of times. However, in the past several years, a number of high-profile attacks that exploit this key channel of image distribution have been reported. It is still unclear what security risks the new ecosystem brings. In this paper, we reveal, characterize, and understand the security issues with Docker Hub by performing the first large-scale analysis. First, we uncover multiple security-critical aspects of Docker images with an empirical but comprehensive analysis, covering sensitive parameters in run-commands, the executed programs in Docker images, and vulnerabilities in contained software. Second, we conduct a large-scale and in-depth security analysis against Docker images. We collect 2,227,244 Docker images and the associated meta-information from Docker Hub. This dataset enables us to discover many insightful findings. (1) run-commands with sensitive parameters expose disastrous harm to users and the host, such as the leakage of host files and display, and denial-of-service attacks to the host. (2) We uncover 42 malicious images that can cause attacks such as remote code execution and malicious cryptomining. (3) Vulnerability patching of software in Docker images is significantly delayed or even ignored. We believe that our measurement and analysis serves as an important first-step study on the security issues with Docker Hub, which calls for future efforts on the protection of the new Docker ecosystem.

Original language	English (US)
Title of host publication	Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings
Editors	Liqun Chen, Steve Schneider, Ninghui Li, Kaitai Liang
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	257-276
Number of pages	20
ISBN (Print)	9783030589509
DOIs	https://doi.org/10.1007/978-3-030-58951-6_13
State	Published - 2020
Event	25th European Symposium on Research in Computer Security, ESORICS 2020 - Guildford, United Kingdom Duration: Sep 14 2020 → Sep 18 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12308 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	25th European Symposium on Research in Computer Security, ESORICS 2020
Country/Territory	United Kingdom
City	Guildford
Period	9/14/20 → 9/18/20

Bibliographical note

Publisher Copyright:
© Springer Nature Switzerland AG 2020.

Access

10.1007/978-3-030-58951-6_13

OpenUrl availability

Full text

Cite this

Liu, P., Ji, S., Fu, L., Lu, K., Zhang, X., Lee, W. H., Lu, T., Chen, W., & Beyah, R. (2020). Understanding the security risks of docker hub. In L. Chen, S. Schneider, N. Li, & K. Liang (Eds.), Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings (pp. 257-276). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12308 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-58951-6_13

Understanding the security risks of docker hub. / Liu, Peiyu; Ji, Shouling; Fu, Lirong et al.
Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings. ed. / Liqun Chen; Steve Schneider; Ninghui Li; Kaitai Liang. Springer Science and Business Media Deutschland GmbH, 2020. p. 257-276 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12308 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Liu, P, Ji, S, Fu, L, Lu, K, Zhang, X, Lee, WH, Lu, T, Chen, W & Beyah, R 2020, Understanding the security risks of docker hub. in L Chen, S Schneider, N Li & K Liang (eds), Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12308 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 257-276, 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford, United Kingdom, 9/14/20. https://doi.org/10.1007/978-3-030-58951-6_13

Liu P, Ji S, Fu L, Lu K, Zhang X, Lee WH et al. Understanding the security risks of docker hub. In Chen L, Schneider S, Li N, Liang K, editors, Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 257-276. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-58951-6_13

Liu, Peiyu ; Ji, Shouling ; Fu, Lirong et al. / Understanding the security risks of docker hub. Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings. editor / Liqun Chen ; Steve Schneider ; Ninghui Li ; Kaitai Liang. Springer Science and Business Media Deutschland GmbH, 2020. pp. 257-276 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{8ad21538f5f14d53b4efbc66a05bedad,

title = "Understanding the security risks of docker hub",

abstract = "Docker has become increasingly popular because it provides efficient containers that are directly run by the host kernel. Docker Hub is one of the most popular Docker image repositories. Millions of images have been downloaded from Docker Hub billions of times. However, in the past several years, a number of high-profile attacks that exploit this key channel of image distribution have been reported. It is still unclear what security risks the new ecosystem brings. In this paper, we reveal, characterize, and understand the security issues with Docker Hub by performing the first large-scale analysis. First, we uncover multiple security-critical aspects of Docker images with an empirical but comprehensive analysis, covering sensitive parameters in run-commands, the executed programs in Docker images, and vulnerabilities in contained software. Second, we conduct a large-scale and in-depth security analysis against Docker images. We collect 2,227,244 Docker images and the associated meta-information from Docker Hub. This dataset enables us to discover many insightful findings. (1) run-commands with sensitive parameters expose disastrous harm to users and the host, such as the leakage of host files and display, and denial-of-service attacks to the host. (2) We uncover 42 malicious images that can cause attacks such as remote code execution and malicious cryptomining. (3) Vulnerability patching of software in Docker images is significantly delayed or even ignored. We believe that our measurement and analysis serves as an important first-step study on the security issues with Docker Hub, which calls for future efforts on the protection of the new Docker ecosystem.",

author = "Peiyu Liu and Shouling Ji and Lirong Fu and Kangjie Lu and Xuhong Zhang and Lee, {Wei Han} and Tao Lu and Wenzhi Chen and Raheem Beyah",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2020.; 25th European Symposium on Research in Computer Security, ESORICS 2020 ; Conference date: 14-09-2020 Through 18-09-2020",

year = "2020",

doi = "10.1007/978-3-030-58951-6_13",

language = "English (US)",

isbn = "9783030589509",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "257--276",

editor = "Liqun Chen and Steve Schneider and Ninghui Li and Kaitai Liang",

booktitle = "Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Understanding the security risks of docker hub

AU - Liu, Peiyu

AU - Ji, Shouling

AU - Fu, Lirong

AU - Lu, Kangjie

AU - Zhang, Xuhong

AU - Lee, Wei Han

AU - Lu, Tao

AU - Chen, Wenzhi

AU - Beyah, Raheem

PY - 2020

Y1 - 2020

N2 - Docker has become increasingly popular because it provides efficient containers that are directly run by the host kernel. Docker Hub is one of the most popular Docker image repositories. Millions of images have been downloaded from Docker Hub billions of times. However, in the past several years, a number of high-profile attacks that exploit this key channel of image distribution have been reported. It is still unclear what security risks the new ecosystem brings. In this paper, we reveal, characterize, and understand the security issues with Docker Hub by performing the first large-scale analysis. First, we uncover multiple security-critical aspects of Docker images with an empirical but comprehensive analysis, covering sensitive parameters in run-commands, the executed programs in Docker images, and vulnerabilities in contained software. Second, we conduct a large-scale and in-depth security analysis against Docker images. We collect 2,227,244 Docker images and the associated meta-information from Docker Hub. This dataset enables us to discover many insightful findings. (1) run-commands with sensitive parameters expose disastrous harm to users and the host, such as the leakage of host files and display, and denial-of-service attacks to the host. (2) We uncover 42 malicious images that can cause attacks such as remote code execution and malicious cryptomining. (3) Vulnerability patching of software in Docker images is significantly delayed or even ignored. We believe that our measurement and analysis serves as an important first-step study on the security issues with Docker Hub, which calls for future efforts on the protection of the new Docker ecosystem.

AB - Docker has become increasingly popular because it provides efficient containers that are directly run by the host kernel. Docker Hub is one of the most popular Docker image repositories. Millions of images have been downloaded from Docker Hub billions of times. However, in the past several years, a number of high-profile attacks that exploit this key channel of image distribution have been reported. It is still unclear what security risks the new ecosystem brings. In this paper, we reveal, characterize, and understand the security issues with Docker Hub by performing the first large-scale analysis. First, we uncover multiple security-critical aspects of Docker images with an empirical but comprehensive analysis, covering sensitive parameters in run-commands, the executed programs in Docker images, and vulnerabilities in contained software. Second, we conduct a large-scale and in-depth security analysis against Docker images. We collect 2,227,244 Docker images and the associated meta-information from Docker Hub. This dataset enables us to discover many insightful findings. (1) run-commands with sensitive parameters expose disastrous harm to users and the host, such as the leakage of host files and display, and denial-of-service attacks to the host. (2) We uncover 42 malicious images that can cause attacks such as remote code execution and malicious cryptomining. (3) Vulnerability patching of software in Docker images is significantly delayed or even ignored. We believe that our measurement and analysis serves as an important first-step study on the security issues with Docker Hub, which calls for future efforts on the protection of the new Docker ecosystem.

UR - http://www.scopus.com/inward/record.url?scp=85091576119&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85091576119&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-58951-6_13

DO - 10.1007/978-3-030-58951-6_13

M3 - Conference contribution

AN - SCOPUS:85091576119

SN - 9783030589509

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 257

EP - 276

BT - Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings

A2 - Chen, Liqun

A2 - Schneider, Steve

A2 - Li, Ninghui

A2 - Liang, Kaitai

PB - Springer Science and Business Media Deutschland GmbH

T2 - 25th European Symposium on Research in Computer Security, ESORICS 2020

Y2 - 14 September 2020 through 18 September 2020

ER -

Understanding the security risks of docker hub

Abstract

Publication series

Conference

Bibliographical note

Access

OpenUrl availability

Other files and links

Fingerprint

Cite this